The Broughton Trust: GDPR Beneficiaries Privacy Notice
How beneficiaries information is used:
1. As a Charity and Company limited by Guarantee, we need to keep and process information about our members. We will keep and use it to enable us to run our Organisation and manage our relationship with our beneficiaries effectively, lawfully and appropriately, at the time they apply to be a beneficiary, during the time that they are a beneficiary and after they cease to be a direct beneficiary.
2. From 31st Janaury 2020 we are obliged to tell our members, under the UK’s General Data Protection Regulation (GDPR), the basis (or bases) that we are relying on to hold and process their data. These are as follows:
2.1 Some of the data we hold about beneficiaries is necessary for compliance with a legal obligation.
We hold beneficiaries names, addresses, any email addresses and phone numbers supplied, to allow us to contact them by post or electronic communication, including Email or text message.
If prospective beneficiaries do not supply the data we require and request from them we may not be able access the services offered..
2.2 The data we hold about members is necessary for “legitimate interests”.
According to the GDPR, legitimate interests can include our organisation’s own interests or broader societal benefits. Our own legitimate interests are set out in the “Memorandums and Articles” of The Broughton Trust, which are:
Clause 3, of, The Broughton Trust; Memorandums and Articles.
- The relief of poverty is such ways as may be thought fit;
- The relief of unemployment;
- The advancement of education, training, or retraining, particularly among unemployed people and providing work experience for the unemployed;
- The technical assistance, business advice or consultancy in order to provide training and employment opportunities for unemployed people in cases of financial or other charitable need through help in setting up their own business or to existing businesses;
- The creation of training and employment opportunities by the provision of workspace, buildings and/or land for use on favourable terms;
- To facilitate the improvement of housing in the public sector or in charitable ownership provided that such power shall not extend to relieving any local authorities or other bodies of statutory duty to provide or improve housing;
- The provision of facilities for recreational facilities for the public at large or those who by reason of their youth, age, infirmity or disablement, poverty or social or economic circumstances have need of such facilities;
- The provision of childcare;
- The promotion of public safety and prevention of crime; and such other means as may from time to time be determined subject to the prior consent of the Charity Commission;
2.3 Based on our Memorandums and Articles we can legitimately use beneficiaries’ names, addresses and email addresses and information about any skills or volunteering capacity offered, to contact them concerning the running of The Trust and its services or about community events held in its name.
In contacting members in this way, we are clear that: we have a legitimate interest in furthering our cause in this way; this interest does not override members’ rights as individuals; beneficiaries would have a reasonable expectation that their data could be used in this way; use of this data is proportionate, non-intrusive and no harm is being done to beneficiaries; and it is a necessary way of reaching our beneficiaries - we cannot simply rely on a general notice in the pub or on our website, for example, beneficiaries, still have the right to object to such mailings and if we cannot prove compelling legitimate grounds then they will be allowed to opt out of such mailings in future. They would still be included in other beneficiary mailings. At no time will beneficiaries details be passed on to any third party for financial gain or any other reason, excluding (7), however.
2.4 On occasions we may deem it appropriate to contact members to pass on information relating to the Trust or community events more generally, or about local community issues or that may be of interest.
The appropriateness of this will be looked at on a case-by-case basis by members of the Board, who would consider whether there was a reasonable chance that: beneficiaries would be interested in these communications, that they would be proportionate use of beneficiaries data, that they would have minimal privacy impact, and that beneficiaries would not be surprised by, or be likely to object to, them. Their consideration will be informed by the Trust’s Memorandums and Articles, including working together for the sustainable development of our own local communities.
If beneficiaries do object to their details having been used for this purpose then we will opt them out of future such mailing lists. They would still be included in other beneficiary mailings, however.
3. If in the future we intend to process beneficiaries’ personal data for a purpose other than those described above we will provide them with information on that purpose and any other relevant information. Where consent is required we will seek it - and they may then withdraw, at any time, any consent given.
4. We will store beneficiaries’ personal data for a period of 6 years from the time that they cease to be a beneficiary of The Broughton Trust. This is to enable us to meet our legal requirements in terms of any financial or other investigation.
5. We will hold all data securely, whether it is stored on paper or in electronic format.
6. We will only disclose information about beneficiaries to other third parties if we are legally obliged to do so. This may include regulatory bodies such as Companies House and project funders.
7. Where we have to disclose information about beneficiaries to third parties we will do it securely.
8. For the avoidance of doubt, we will not pass beneficiaries data on to any third party for marketing purposes.
9. Under the General Data Protection Regulation (GDPR) and The Data Protection Act (DPA) beneficiaries have a number of rights with regard to their personal data. They have the right to:
- Request to see what information we are holding about them.
- Request that we correct any wrong or incomplete information about them.
- Object, as mentioned in 2 above, to our use of member data where we are using it for our legitimate interests as opposed to in compliance with a legal obligation.
- Request that their data is deleted or removed if they believe, and we agree, that there is no compelling reason for the Trust to continue to hold it.
- Prevent us from using their data if it would be likely to cause them distress.
10. Beneficiaries have the right to lodge a complaint to the Information Commissioner’s Office if they believe that we have not complied with the requirements of the GDPR or DPA with regard to their personal data. The Identity and contact details of data controller for The Broughton Trust is the Company Secretary, address as above or Email:
11. The Broughton Trust is the controller of data and the data processor for the purposes of the GDPR and the DPA.
12. Additionally, we may use other data processors. Currently, we have an email account that we use to communicate with partners, beneficiaries and our members, which is provided by: G-mail for privacy policy please see: https://support.google.com/googlecloud/answer/6056694?hl=en
13. We may also communicate with beneficiaries via text messaging or secure messaging services if they provide us with their phone number, e.g. in connection with events or volunteering opportunities. We may use in the future social media such as, WhatsApp as a provider of secure messaging services.
14. We will ensure that these, and any other agencies we use in future, have GDPR compliant procedures for processing your personal data and are based in the European Economic Area or the United Kingdom.
15. Beneficiaries with any concerns as to how their data is processed can contact the Deputy Chief Officer Secretary to the Board of Trustees by writing to them at The Broughton Trust address (please see above), or emailing them to:
